I have a registry key that is impossible to get rid of... It shows up as a rootkit in Comodo

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version

Tried removing it from outside Windows, RegAssassin...

Let's see if you find anything.

HJT:

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 17:42:49, on 21.06.2011

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

 

Running processes:

M:\Programmer\MSI Afterburner\MSIAfterburnerSetup210\MSIAfterburnerSetup210\MSIAfterburner.exe

C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files (x86)\Saitek\DirectOutput\DirectOutputManager.exe

C:\Program Files (x86)\Saitek\Software\ProfilerU.exe

D:\AntiVirus\Zone Alarm Firewall\ZoneAlarm\zlclient.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

M:\Programmer\Acronis Disk Monitor\DriveMonitor\DriveMonitor\adm_tray.exe

M:\Programmer\MSI Afterburner\MSIAfterburnerSetup210\MSIAfterburnerSetup210\Bundle\OSDServer\RTSS.exe

C:\test.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - M:\Programmer\Orbit Downloader\Orbitdownloader\orbitcth.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\ANTIVI~1\SPYBOT~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - M:\PROGRA~1\MSOFFI~1\Office14\URLREDIR.DLL

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - M:\Programmer\Orbit Downloader\Orbitdownloader\GrabPro.dll

O4 - HKLM\..\Run: [DirectOutput] C:\Program Files (x86)\Saitek\DirectOutput\DirectOutputManager.exe

O4 - HKLM\..\Run: [Profiler] C:\Program Files (x86)\Saitek\Software\ProfilerU.exe

O4 - HKLM\..\Run: [saiMfd] C:\Program Files (x86)\Saitek\Software\SaiMfd.exe

O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\AntiVirus\Zone Alarm Firewall\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [adm_tray.exe] M:\Programmer\Acronis Disk Monitor\DriveMonitor\DriveMonitor\adm_tray.exe

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "D:\AntiVirus\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] D:\AntiVirus\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [spybotSD TeaTimer] D:\AntiVirus\Spybot Search and Destroy\Spybot - Search & Destroy\TeaTimer.exe

O8 - Extra context menu item: &Download by Orbit - res://M:\Programmer\Orbit Downloader\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://M:\Programmer\Orbit Downloader\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://M:\Programmer\Orbit Downloader\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://M:\Programmer\Orbit Downloader\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://M:\PROGRA~1\MSOFFI~1\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Se&nd til OneNote - res://M:\PROGRA~1\MSOFFI~1\Office14\ONBttnIE.dll/105

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - M:\Programmer\MS Office 2010\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - M:\Programmer\MS Office 2010\Office14\ONBttnIE.dll

O9 - Extra button: &Koblede OneNote-notater - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - M:\Programmer\MS Office 2010\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Koblede OneNote-notater - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - M:\Programmer\MS Office 2010\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\ANTIVI~1\SPYBOT~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\ANTIVI~1\SPYBOT~1\SPYBOT~1\SDHelper.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: m:\programmer\vmware\workstation\program\vsocklib.dll

O10 - Unknown file in Winsock LSP: m:\programmer\vmware\workstation\program\vsocklib.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted IP range: http://192.168.1.1

O15 - ESC Trusted IP range: http://192.168.1.1

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplane..._2.3.10.115.cab

O16 - DPF: {58607669-90BF-465D-86ED-077746100F4C} (BrowserPlugin Class) - http://cache.finn.no...77746100f4c.cab

O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.updat...b?1294052940991

O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} (Battlefield Play4Free Updater) - https://battlefield....er_1.0.26.2.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{41F0D486-46D9-4E4B-A54F-D2A203EAE0F6}: NameServer = 208.67.222.222,208.67.220.220

O17 - HKLM\System\CCS\Services\Tcpip\..\{73747D7A-C134-4240-824E-A8A144BA1C7B}: NameServer = 208.67.222.222,208.67.220.220

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll

O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: Acronis Nonstop Backup Service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - D:\AntiVirus\Comodo Anti Virus\Program\COMODO\COMODO Internet Security\cmdagent.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: MBAMService - Malwarebytes Corporation - D:\AntiVirus\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - M:\Programmer\TeamViewer\Version5\TeamViewer_Service.exe

O23 - Service: TightVNC Server (tvnserver) - GlavSoft LLC. - M:\Programmer\TightVNC\tvnserver.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: UsbClientService - Unknown owner - M:\Programmer\Synology Assistant\Assistant\UsbClientService.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\SysWOW64\ZoneLabs\vsmon.exe

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 11828 bytes

 

 

 

Combofix:

 

 

ComboFix 11-06-21.02 - Kakeshoma 21.06.2011 17:36:07.1.8 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.47.1033.18.6141.4479 [GMT 2:00]

Kjører fra: c:\users\Kakeshoma\Desktop\ComboFix.exe

AV: COMODO Antivirus *Disabled/Updated* {7554F4C5-5EC0-2FC6-8192-8DF831DBED51}

FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}

SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Opprettet nytt gjenopprettingspunkt

.

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2011-05-21 til 2011-06-21 )))))))))))))))))))))))))))))))))

.

.

2011-06-21 15:38 . 2011-06-21 15:38 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-06-21 15:33 . 2011-06-21 15:35 -------- d-----w- C:\32788R22FWJFW

2011-06-21 15:25 . 2011-06-21 15:25 -------- d-----w- c:\users\Kakeshoma\AppData\Roaming\Malwarebytes

2011-06-21 15:24 . 2011-06-21 15:24 -------- d-----w- c:\programdata\Malwarebytes

2011-06-21 15:24 . 2011-05-29 07:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-06-21 15:24 . 2011-05-29 07:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-21 14:57 . 2011-06-21 14:57 181064 ----a-w- c:\windows\PSEXESVC.EXE

2011-06-21 10:52 . 2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ADFF03FF-D160-4814-813C-2499CBFD5B61}\mpengine.dll

2011-06-20 19:16 . 2011-06-20 19:16 285280 ----a-w- c:\windows\system32\drivers\afcdp.sys

2011-06-20 19:16 . 2011-06-20 19:16 -------- d-----w- c:\users\Kakeshoma\AppData\Roaming\B1B7D053-F2D8-4E03-9EDA-D1D61F7B4056

2011-06-20 19:16 . 2011-06-20 19:16 1263200 ----a-w- c:\windows\system32\drivers\tdrpm273.sys

2011-06-20 19:16 . 2011-06-20 19:16 970336 ----a-w- c:\windows\system32\drivers\timntr.sys

2011-06-18 21:22 . 2011-06-18 21:22 -------- d-----w- c:\programdata\Comodo Downloader

2011-06-14 20:01 . 2011-04-25 05:33 1923968 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-06-14 20:01 . 2011-04-25 02:34 499200 ----a-w- c:\windows\system32\drivers\afd.sys

2011-06-14 20:01 . 2011-05-03 05:29 976896 ----a-w- c:\windows\system32\inetcomm.dll

2011-06-14 20:01 . 2011-05-03 04:30 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll

2011-06-14 20:01 . 2011-02-25 06:22 861696 ----a-w- c:\windows\system32\oleaut32.dll

2011-06-14 20:01 . 2011-02-25 05:34 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll

2011-06-14 20:01 . 2011-05-28 03:06 3135488 ----a-w- c:\windows\system32\win32k.sys

2011-06-14 20:01 . 2011-04-29 03:05 410112 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-06-14 20:01 . 2011-04-27 02:40 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-06-14 20:01 . 2011-04-27 02:39 289280 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-06-14 20:01 . 2011-04-27 02:39 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-06-14 20:01 . 2011-04-29 03:06 467456 ----a-w- c:\windows\system32\drivers\srv.sys

2011-06-14 20:01 . 2011-04-29 03:05 168448 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-06-06 10:55 . 2011-06-06 10:55 183696 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\nppdf32.dll

2011-06-01 23:08 . 2011-06-01 23:08 -------- d-----w- c:\program files (x86)\Spirent Communications

2011-06-01 23:08 . 2011-06-01 23:08 -------- d-----w- c:\program files (x86)\HTC

2011-06-01 21:26 . 2011-06-01 21:26 -------- d-----w- c:\programdata\ProcessLasso

2011-06-01 21:25 . 2011-06-21 14:18 -------- d-----w- c:\users\Kakeshoma\AppData\Roaming\ProcessLasso

2011-06-01 19:32 . 2011-06-01 19:32 -------- d-----w- c:\program files (x86)\Electronic Arts

2011-06-01 17:37 . 2011-06-21 14:30 -------- d-----w- c:\programdata\NVIDIA

2011-06-01 17:37 . 2011-05-25 06:09 1016936 ----a-w- c:\windows\system32\nvvsvc.exe

2011-06-01 17:37 . 2011-05-25 06:09 61544 ----a-w- c:\windows\system32\nvshext.dll

2011-06-01 17:37 . 2011-05-25 06:09 3040872 ----a-w- c:\windows\system32\nvsvc64.dll

2011-06-01 17:37 . 2011-05-25 06:09 117864 ----a-w- c:\windows\system32\nvmctray.dll

2011-06-01 17:37 . 2011-05-25 06:09 739432 ----a-w- c:\windows\system32\easyupdatusapiu64.dll

2011-06-01 17:37 . 2011-05-25 06:09 6300776 ----a-w- c:\windows\system32\nvcpl.dll

2011-06-01 17:37 . 2011-06-01 17:37 -------- d-----w- c:\programdata\NVIDIA Corporation

2011-05-31 14:10 . 2011-05-31 14:10 -------- d-----w- c:\programdata\PDVD

2011-05-31 14:09 . 2011-05-31 14:09 -------- d-----w- c:\users\Kakeshoma\AppData\Local\MediaServer

2011-05-31 14:08 . 2011-05-31 14:10 -------- d-----w- c:\programdata\install_clap

2011-05-30 17:22 . 2011-05-30 17:22 -------- d-----w- c:\users\Kakeshoma\AppData\Roaming\Digiarty

2011-05-26 21:24 . 2009-12-21 15:39 51712 ----a-w- c:\windows\system32\drivers\RtTeam60.sys

2011-05-26 21:24 . 2009-07-20 02:27 27136 ----a-w- c:\windows\system32\drivers\RtNdPt60.sys

2011-05-26 21:24 . 2007-12-03 02:20 24064 ----a-w- c:\windows\system32\drivers\RtVlan60.sys

2011-05-25 19:02 . 2011-05-16 16:35 231600 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys

2011-05-25 19:02 . 2011-05-16 16:35 56752 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys

2011-05-25 15:48 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2011-05-24 15:53 . 2011-04-15 23:40 809496 ----a-r- c:\windows\SysWow64\tmpE004.tmp

2011-05-24 13:34 . 2011-04-15 23:40 809496 ----a-r- c:\windows\SysWow64\tmp9FFC.tmp

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-20 19:16 . 2010-07-12 19:22 277088 ----a-w- c:\windows\system32\drivers\snapman.sys

2011-05-24 17:14 . 2010-07-12 18:38 270720 ------w- c:\windows\system32\MpSigStub.exe

2011-05-24 15:53 . 2010-07-12 20:11 122904 ----a-w- c:\windows\system32\OpenAL32.dll

2011-05-24 15:53 . 2010-07-12 20:11 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll

2011-05-20 20:35 . 2011-05-20 20:35 304744 ----a-w- c:\windows\SysWow64\nvStreaming.exe

2011-05-20 08:04 . 2011-05-20 08:04 276584 ----a-w- c:\windows\system32\drivers\nvstusb.sys

2011-05-16 16:35 . 2011-05-16 16:35 176560 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys

2011-05-16 16:35 . 2011-05-16 16:35 156912 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys

2011-05-16 16:35 . 2011-05-16 16:35 320816 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll

2011-05-10 21:09 . 2011-01-06 15:37 92688 ----a-w- c:\windows\system32\drivers\inspect.sys

2011-05-09 16:23 . 2010-07-20 15:27 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2011-05-09 16:23 . 2010-07-13 14:43 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2011-05-04 22:03 . 2010-12-28 23:42 360976 ----a-w- c:\windows\system32\guard64.dll

2011-05-04 22:03 . 2010-12-28 23:42 284744 ----a-w- c:\windows\SysWow64\guard32.dll

2011-05-04 22:03 . 2011-01-06 15:37 41712 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

2011-05-04 22:03 . 2011-01-06 15:36 16016 ----a-w- c:\windows\system32\drivers\cmderd.sys

2011-05-04 22:03 . 2011-01-06 15:36 252344 ----a-w- c:\windows\system32\drivers\cmdGuard.sys

2011-04-15 23:40 . 2011-04-15 23:40 809496 ----a-r- c:\windows\SysWow64\tmpDF77.tmp

2011-04-15 23:40 . 2011-04-15 23:40 809496 ----a-r- c:\windows\SysWow64\tmp9CD0.tmp

2011-04-15 15:10 . 2011-04-15 15:10 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2011-04-15 15:10 . 2011-04-15 15:10 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2011-04-15 15:10 . 2011-04-15 15:10 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2011-04-15 15:10 . 2011-04-15 15:10 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2011-04-15 15:10 . 2011-04-15 15:10 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2011-04-15 15:10 . 2011-04-15 15:10 1126912 ----a-w- c:\windows\SysWow64\wininet.dll

2011-04-15 15:10 . 2011-04-15 15:10 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2011-04-15 15:10 . 2011-04-15 15:10 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2011-04-15 15:10 . 2011-04-15 15:10 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2011-04-15 15:10 . 2011-04-15 15:10 367104 ----a-w- c:\windows\SysWow64\html.iec

2011-04-15 15:10 . 2011-04-15 15:10 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2011-04-15 15:10 . 2011-04-15 15:10 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2011-04-15 15:10 . 2011-04-15 15:10 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-04-15 15:10 . 2011-04-15 15:10 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2011-04-15 15:10 . 2011-04-15 15:10 85504 ----a-w- c:\windows\system32\iesetup.dll

2011-04-15 15:10 . 2011-04-15 15:10 76800 ----a-w- c:\windows\system32\tdc.ocx

2011-04-15 15:10 . 2011-04-15 15:10 603648 ----a-w- c:\windows\system32\vbscript.dll

2011-04-15 15:10 . 2011-04-15 15:10 49664 ----a-w- c:\windows\system32\imgutil.dll

2011-04-15 15:10 . 2011-04-15 15:10 48640 ----a-w- c:\windows\system32\mshtmler.dll

2011-04-15 15:10 . 2011-04-15 15:10 448512 ----a-w- c:\windows\system32\html.iec

2011-04-15 15:10 . 2011-04-15 15:10 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2011-04-15 15:10 . 2011-04-15 15:10 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2011-04-15 15:10 . 2011-04-15 15:10 30720 ----a-w- c:\windows\system32\licmgr10.dll

2011-04-15 15:10 . 2011-04-15 15:10 222208 ----a-w- c:\windows\system32\msls31.dll

2011-04-15 15:10 . 2011-04-15 15:10 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2011-04-15 15:10 . 2011-04-15 15:10 165888 ----a-w- c:\windows\system32\iexpress.exe

2011-04-15 15:10 . 2011-04-15 15:10 160256 ----a-w- c:\windows\system32\wextract.exe

2011-04-15 15:10 . 2011-04-15 15:10 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2011-04-15 15:10 . 2011-04-15 15:10 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2011-04-15 15:10 . 2011-04-15 15:10 1492992 ----a-w- c:\windows\system32\inetcpl.cpl

2011-04-15 15:10 . 2011-04-15 15:10 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2011-04-15 15:10 . 2011-04-15 15:10 1389056 ----a-w- c:\windows\system32\wininet.dll

2011-04-15 15:10 . 2011-04-15 15:10 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2011-04-15 15:10 . 2011-04-15 15:10 12288 ----a-w- c:\windows\system32\mshta.exe

2011-04-15 15:10 . 2011-04-15 15:10 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2011-04-15 15:10 . 2011-04-15 15:10 114176 ----a-w- c:\windows\system32\admparse.dll

2011-04-15 15:10 . 2011-04-15 15:10 111616 ----a-w- c:\windows\system32\iesysprep.dll

2011-04-15 15:10 . 2011-04-15 15:10 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2011-04-09 16:55 . 2011-04-09 16:55 15453336 ----a-w- c:\windows\SysWow64\xlive.dll

2011-04-09 16:55 . 2011-04-09 16:55 13642904 ----a-w- c:\windows\SysWow64\xlivefnt.dll

2011-04-09 07:02 . 2011-05-11 09:16 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-04-09 06:58 . 2011-05-11 09:19 142336 ----a-w- c:\windows\system32\poqexec.exe

2011-04-09 06:02 . 2011-05-11 09:16 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2011-04-09 06:02 . 2011-05-11 09:16 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2011-04-09 05:56 . 2011-05-11 09:19 123904 ----a-w- c:\windows\SysWow64\poqexec.exe

2011-03-31 21:48 . 2011-03-31 21:48 86016 ----a-w- c:\windows\SysWow64\frapsvid.dll

2011-03-31 21:48 . 2011-03-31 21:48 84992 ----a-w- c:\windows\system32\frapsv64.dll

2011-03-25 03:29 . 2011-05-11 09:16 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys

2011-03-25 03:29 . 2011-05-11 09:16 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2011-03-25 03:29 . 2011-05-11 09:16 325120 ----a-w- c:\windows\system32\drivers\usbport.sys

2011-03-25 03:29 . 2011-05-11 09:16 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys

2011-03-25 03:29 . 2011-05-11 09:16 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys

2011-03-25 03:28 . 2011-05-11 09:16 7936 ----a-w- c:\windows\system32\drivers\usbd.sys

.

.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="d:\antivirus\Spybot Search and Destroy\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"DirectOutput"="c:\program files (x86)\Saitek\DirectOutput\DirectOutputManager.exe" [2006-09-28 151552]

"Profiler"="c:\program files (x86)\Saitek\Software\ProfilerU.exe" [2006-09-05 184320]

"SaiMfd"="c:\program files (x86)\Saitek\Software\SaiMfd.exe" [2006-09-28 180736]

"ZoneAlarm Client"="d:\antivirus\Zone Alarm Firewall\ZoneAlarm\zlclient.exe" [2011-03-17 1043968]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"adm_tray.exe"="m:\programmer\Acronis Disk Monitor\DriveMonitor\DriveMonitor\adm_tray.exe" [2010-06-04 530784]

"Malwarebytes' Anti-Malware"="d:\antivirus\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"Malwarebytes' Anti-Malware"="d:\antivirus\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"SoftwareSASGeneration"= 1 (0x1)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 MBAMService;MBAMService;d:\antivirus\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]

R3 7ByteIo;7ByteIo;m:\programmer\HOT CPU Tester\Hot CPU Tester Pro 4 LE\SysInfoX64.sys [x]

R3 cmudaxp;ASUS Xonar D2X Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [x]

R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys [x]

R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [x]

R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [x]

R3 SaiH0762;SaiH0762;c:\windows\system32\DRIVERS\SaiH0762.sys [x]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [x]

R3 TeamViewer5;TeamViewer 5;m:\programmer\TeamViewer\Version5\TeamViewer_Service.exe [2009-12-17 185640]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 tvnserver;TightVNC Server;m:\programmer\TightVNC\tvnserver.exe [2010-07-08 815704]

R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

R4 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;m:\programmer\Converters Players\PowerDVD 11 Ultra\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-05-19 83240]

R4 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;m:\programmer\Converters Players\PowerDVD 11 Ultra\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-05-12 70952]

R4 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;m:\programmer\Converters Players\PowerDVD 11 Ultra\PowerDVD11\Common\MediaServer\CLMSServer.exe [2011-05-12 312616]

R4 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-05-20 539184]

R4 VoddlerNet;VoddlerNet;m:\programmer\Voddler\service\voddler.exe [2010-05-11 873168]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]

S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [x]

S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [x]

S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]

S1 nm3;Microsoft Network Monitor 3 Driver;c:\windows\system32\DRIVERS\nm3.sys [x]

S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]

S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]

S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/08/24 19:30];m:\programmer\Converters Players\PowerDVD 10 Ultra 3D\PowerDVD10\NavFilter\000.fcl [2010-04-02 07:11 146928]

S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/05/31 16:10];m:\programmer\Converters Players\PowerDVD 11 Ultra\PowerDVD11\Common\NavFilter\000.fcl [2011-05-20 13:31 148976]

S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-06-20 3246040]

S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]

S2 ntk_PowerDVD;ntk_PowerDVD;m:\programmer\Converters Players\PowerDVD 11 Ultra\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2011-05-19 75248]

S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-20 378472]

S2 UsbClientService;UsbClientService;m:\programmer\Synology Assistant\Assistant\UsbClientService.exe [2011-02-18 245760]

S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x]

S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]

S3 busenum;Synology Virtual USB Hub;c:\windows\system32\DRIVERS\busenum.sys [x]

S3 CorsairCAHS1;CA-HS1 Interface;c:\windows\system32\drivers\CAHS164.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\DRIVERS\nvstusb.sys [x]

S3 RTCore64;RTCore64;m:\programmer\MSI Afterburner\MSIAfterburnerSetup210\MSIAfterburnerSetup210\RTCore64.sys [2010-05-27 14648]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 SaiK0728;SaiK0728;c:\windows\system32\DRIVERS\SaiK0728.sys [x]

S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]

.

.

--- Andre tjenester/drivere lastet i minnet ---

.

*NewlyCreated* - MBAMPROTECTOR

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2009-06-03 194560]

"COMODO Internet Security"="d:\antivirus\Comodo Anti Virus\Program\COMODO\COMODO Internet Security\cfp.exe" [2011-05-10 9057608]

"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-11-23 390728]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

"AppInit_DLLs"=c:\windows\System32\guard64.dll

.

------- Tilleggsskanning -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://google.no/

IE: &Download by Orbit - m:\programmer\Orbit Downloader\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - m:\programmer\Orbit Downloader\Orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - m:\programmer\Orbit Downloader\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - m:\programmer\Orbit Downloader\Orbitdownloader\orbitmxt.dll/202

IE: E&ksporter til Microsoft Excel - m:\progra~1\MSOFFI~1\Office14\EXCEL.EXE/3000

IE: Se&nd til OneNote - m:\progra~1\MSOFFI~1\Office14\ONBttnIE.dll/105

LSP: m:\programmer\VMware\Workstation\Program\vsocklib.dll

TCP: DhcpNameServer = 217.13.7.140 217.13.4.24 10.0.0.1

TCP: Interfaces\{41F0D486-46D9-4E4B-A54F-D2A203EAE0F6}: NameServer = 208.67.222.222,208.67.220.220

TCP: Interfaces\{73747D7A-C134-4240-824E-A8A144BA1C7B}: NameServer = 208.67.222.222,208.67.220.220

DPF: {58607669-90BF-465D-86ED-077746100F4C} - hxxp://cache.finn.no/auximg/bp/58607669-90bf-465d-86ed-077746100f4c.cab

FF - ProfilePath - c:\users\Kakeshoma\AppData\Roaming\Mozilla\Firefox\Profiles\522bg8cu.default\

.

- - - - TOMME PEKERE FJERNET - - - -

.

Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

AddRemove-{A64240FF-9C31-4858-AE9D-65483C5DE63A} - c:\users\Kakeshoma\AppData\Local\{DFF7F5B3-9811-4BE0-94D3-DE8D714CEC8A}\Living Hell Light Setup.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet002\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]

"ImagePath"="\??\m:\programmer\Converters Players\PowerDVD 10 Ultra 3D\PowerDVD10\NavFilter\000.fcl"

.

[HKEY_LOCAL_MACHINE\system\ControlSet002\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]

"ImagePath"="\??\m:\programmer\Converters Players\PowerDVD 11 Ultra\PowerDVD11\Common\NavFilter\000.fcl"

.

--------------------- LÅSTE REGISTERNØKLER ---------------------

.

[HKEY_USERS\S-1-5-21-4267393232-1406148221-1984847428-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:c3,5b,1b,2d,f4,76,b8,70,37,7f,48,68,f7,93,a7,c7,c3,96,3a,d2,43,6a,38,

44,07,7e,eb,e0,ae,2e,05,a7,06,1a,d6,17,ef,fe,2d,c6,4f,39,62,23,27,ba,8e,5a,\

"??"=hex:65,34,23,f1,ac,3e,ae,99,14,20,f8,2a,53,ca,02,2f

.

[HKEY_USERS\S-1-5-21-4267393232-1406148221-1984847428-1000\Software\SecuROM\License information*]

"datasecu"=hex:5a,b2,d9,df,74,7c,3c,2b,28,f7,4f,19,03,13,6b,c6,4b,fe,72,02,a5,

f4,27,77,23,67,66,e3,42,cc,b7,eb,5f,30,4a,f6,a1,47,19,6a,5e,3d,01,03,fa,f5,\

"rkeysecu"=hex:fa,22,bd,a6,f0,6f,8b,5b,b0,d8,9a,91,28,60,71,fe

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]

"Version"=hex:ac,29,b5,58,79,a0,79,ee,ee,7b,2b,b4,66,ba,e5,2e,31,74,e3,32,c6,

c0,05,aa,e3,d2,e8,f5,16,d0,57,ac,57,bb,65,4d,4e,ca,b7,02,32,82,71,24,cd,29,\

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]

"Version"=hex:ac,29,b5,58,79,a0,79,ee,ee,7b,2b,b4,66,ba,e5,2e,31,74,e3,32,c6,

c0,05,aa,e3,d2,e8,f5,16,d0,57,ac,57,bb,65,4d,4e,ca,b7,02,32,82,71,24,cd,29,\

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Tidspunkt ferdig: 2011-06-21 17:39:45

ComboFix-quarantined-files.txt 2011-06-21 15:39

.

Pre-Run: 20 738 641 920 bytes free

Post-Run: 20 507 107 328 bytes free

.

- - End Of File - - 4F5DCA4DE31C06202173940193BFBA0A

 

 

 

MBAM:

 

 

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

 

Database version: 6910

 

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

 

21.06.2011 17:28:25

mbam-log-2011-06-21 (17-28-25).txt

 

Scan type: Quick scan

Objects scanned: 165604

Time elapsed: 2 minute(s), 51 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)

 

 

 

Thanks :)
